An organization wants to use a Jump Host to access Prism Element and Prism Central within an NC2 cluster on Azure.
Which statement is true?

1. A. Jump Host instance must be deployed in the cluster VNet.
2. B. Jump Host instance can be deployed in the Prism Central VNet or an external VNet.
3. C. Jump Host must not be use
4. D. Only VPN or ExpressRoute should be use.
5. E. Jump Host instance can only be deployed in the Prism Central VNet.

Correct Answer: B
✑ Jump Host Deployment:A Jump Host is a secure server used to access other systems in a network. In the context of an NC2 cluster on Azure, it serves as an intermediary for accessing Prism Element and Prism Central.
✑ Flexible Deployment Options:The Jump Host can be deployed in either the Prism Central VNet or an external VNet, providing flexibility in network design and access strategies. This allows the organization to choose the most suitable network for deploying the Jump Host based on their security and connectivity requirements.
References:
✑ Nutanix NC2 on Azure Deployment Guide
✑ Azure Virtual Network Configuration Documentation

Which statement best describes south bound traffic to a Nutanix User VPC originating outside the BC2 cluster when using a no-NAT (routed path) having two or more Flow Gateways (FGW)?

1. A. A BGP gateway runs on the CVM of the bare-metal host
2. B. The BGP gateway advertises externally routable IP addresses to the Azure Route Server, with each active FGW external IP address the next hop.
3. C. A BGP gateway runs inside of Prism Centra
4. D. The BGP gateway advertises externally mutable IP addresses to the Azure Route Server, with each active FGW external IP address as the next hop.
5. E. A BGP gateway is deployed as Azure native VMs in the Prism Central VNe
6. F. The BGP gateway advertises externally routable IP addresses to the Prism Central, with each active FGW external IP address as the next hop.
7. G. A BGP gateway is deployed as Azure native VMs in the Prism Central VNe
8. H. The BGP gateway advertises externally routable IP addresses to the Azure Route Server, with each active FGW external IP address as the next hop.

Correct Answer: D
✑ BGP Gateway Deployment:The BGP gateway is deployed as Azure native VMs within the Prism Central VNet. This deployment ensures seamless integration with Azure's networking infrastructure.
✑ Route Advertisement:The BGP gateway advertises the externally routable IP addresses to the Azure Route Server. This setup allows for dynamic routing and efficient traffic management.
✑ Flow Gateways (FGW) as Next Hops:Each active Flow Gateway's external IP address is used as the next hop. This configuration ensures that southbound traffic is correctly routed to the appropriate Flow Gateway, providing efficient and reliable connectivity.
References:
✑ Nutanix NC2 Networking Guide
✑ Azure Route Server and BGP Documentation

Native Azure VMs exist in a subnet (10.20.80.0/20) in the Prism Central VNet that need access to the workload running on the Nutanix User.
What needs to be modified to allow access from the native Azure VMs to the workloads running in the Nutanix User VPC?

1. A. Remove the ERP value on the transit VPC and Nutanix User VPC.
2. B. Change the ERP value to the the subnet range of the native Azure VMs (10.20.80.0/20) on the Transit VPC and the Nutanix User VPC.
3. C. Adjust the Inbound Network Security Group on the Flow Gateway VM External NIC to allow traffic 102030.0/20.
4. D. Adjust the Inbound Network Security Group on the Flow Gateway VM Internal NIC to allow traffic 102030,0/20.

Correct Answer: D
To allow access from the native Azure VMs to the workloads running in the Nutanix User VPC, the administrator needs to:
✑ Adjust the Inbound Network Security Group (NSG) on the Flow Gateway VM's
Internal NIC.
✑ Specifically, allow traffic from the subnet range of the native Azure VMs (10.20.80.0/20) in the Inbound rules of the NSG associated with the Internal NIC of the Flow Gateway VM.
This configuration change permits the desired network traffic, ensuring that the native Azure VMs can communicate with the workloads in the Nutanix User VPC.References
✑ Azure Network Security Groups Overview
✑ Nutanix Networking and Security Best Practices

An administrator has been tasked with ensuring NC2 VMs are able to access Azure and on-premises resources. The NC2 VM traffic must not traverse the internet.
How can the administrator achieve this?

1. A. By using an SSH connection
2. B. By using an Interface Endpoint
3. C. By using ExpressRoute
4. D. By using a Site-to-Site VPN

Correct Answer: C
✑ Requirement Analysis: The NC2 VMs need to access Azure and on-premises resources without traversing the internet, ensuring secure and direct connectivity.
✑ Solution Options:
✑ Conclusion: ExpressRoute is the optimal solution as it offers a private connection that does not involve internet traversal, ensuring secure and efficient access to both Azure and on-premises resources.
References:
✑ Azure ExpressRoute Documentation
✑ Nutanix Clusters on Azure Networking Guide

Which service enables the monitoring of key metrics on various Azure services, including virtual networks, virtual machines, and bare metal hosts for an NC2 cluster?

1. A. Azure Monitor
2. B. Resource Manager
3. C. Azure Service Health
4. D. Azure Network Watcher

Correct Answer: A
✑ Azure Monitor Overview: Azure Monitor is a comprehensive monitoring service that collects, analyzes, and acts on telemetry data from Azure resources.
✑ Key Metrics Monitoring: Azure Monitor enables the monitoring of various Azure services such as virtual networks, virtual machines, and bare metal hosts, providing insights and visibility into their performance and health.
✑ Comparison of Services:
✑ Conclusion: Azure Monitor is the most suitable service for monitoring key metrics across a wide range of Azure services.
References:
✑ Azure Monitor Documentation
✑ Nutanix NC2 on Azure Monitoring Guide